The Department of Computer Science at the University of Cyprus cordially invites you to the Colloquium entitled:

Real-world Polymorphic Attack Detection


Speaker: Prof. Evangelos Markatos
Affiliation: FORTH-ICS and Univ. of Crete, Greece
Category: Colloquium
Location: Room 148, Faculty of Pure and Applied Sciences (FST-01), 1 University Avenue, 2109 Nicosia, Cyprus (directions)
Date: Friday, Nov. 25, 2011
Time: 10:00-11:00 EET
Host: Marios D. Dikaiakos (mdd AT

As state-of-the-art attack detection technology becomes more prevalent, attackers have started to employ evasion techniques such as code obfuscation and polymorphism to defeat existing defenses. We have recently proposed network-level emulation, a heuristic detection method that scans network traffic to detect polymorphic attacks. Our approach uses a CPU emulator to dynamically analyze every potential instruction sequence in the inspected traffic, aiming to identify the execution behavior of certain malicious code classes, such as self-decrypting polymorphic shellcode. In this work, we present results and experiences from deployments of network-level emulation in production networks. After more than a year of continuous operation, our prototype implementation has captured more than a million attacks against real systems, while so far has not resulted to any false positives. The observed attacks employ a highly diverse set of exploits, often against less widely used vulnerable services, and in some cases, sophisticated obfuscation schemes.

Short Bio:
Prof. Evangelos Markatos received his diploma in Computer Engineering from the University of Patras in 1988, and the M.S and Ph.D. degrees in Computer Science from the University of Rochester, NY in 1990 and 1993 respectively. Since 1992, he collaborates with the Institute of Computer Science of the Foundation for Research and Technology - Hellas (ICS-FORTH) where he is currently the founder and head of the Distributed Computing Systems Laboratory. He conducts research in several areas including distributed and parallel systems, the World-Wide Web, Internet Systems and Technologies, as well as Computer and Communication Systems Security. He has been the project manager of the LOBSTER and NoAH projects, both funded in part by the European Union and focusing on developing novel approaches to network monitoring and network security. He is currently the project manager of the i-code and SysSec projects. Since 1992, he has also been affiliated with the Computer Science Department of the University of Crete, where he is currently a full Professor.

  Mailing List:

Sponsor: The CS Colloquium Series is supported by a generous donation from Microsoft